libretic/ansible-role-k3s
6
0
Fork 0
mirror of https://github.com/PyratLabs/ansible-role-k3s synced 2025-01-05 17:20:19 +01:00
Code Issues Projects Releases Packages Wiki Activity

Numerous bug fixes to do with permissions and regressions.

Browse source 
Fix issue #25, check k3s_bind_address for readiness check
Fix issue #24, become for tasks that require root
This commit is contained in:
Xan Manning 2020-05-20 18:50:58 +01:00
parent 5ce8dec6ff
commit 141b6f2018
19 changed files with 38 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -7,3 +7,4 @@ VAULT_PASS
vagramt/fetch
vagrant/ubuntu-*.log
__pycache__
ansible.cfg

9
README.md
View file

@ -81,9 +81,12 @@ consistency.
| `k3s_datastore_certfile` | Define the database TLS Cert file. | _NULL_ |
| `k3s_datastore_keyfile` | Define the database TLS Key file. | _NULL_ |
| `k3s_become_for_all` | Enable become for all (where value for `k3s_become_for_*` is _NULL_ | `false` |
| `k3s_become_for_systemd` | Enable become for systemd | _NULL_ |
| `k3s_become_for_install_dir` | Enable become for writing to `k3s_install_dir` | _NULL_ |
| `k3s_become_for_usr_local_bin` | Enable become for writing to /usr/local/bin/ | _NULL_ |
| `k3s_become_for_systemd` | Enable become for systemd commands. | _NULL_ |
| `k3s_become_for_install_dir` | Enable become for writing to `k3s_install_dir`. | _NULL_ |
| `k3s_become_for_usr_local_bin` | Enable become for writing to `/usr/local/bin/`. | _NULL_ |
| `k3s_become_for_package_install` | Enable become for installing prerequisite packages. | _NULL_ |
| `k3s_become_for_kubectl` | Enable become for kubectl commands. | _NULL_ |
| `k3s_become_for_uninstall` | Enable become for running uninstall scripts. | _NULL_ |
| `k3s_dqlite_datastore` | Use DQLite as the database backend for HA. (EXPERIMENTAL) | `false` |
| `k3s_secrets_encryption` | Use secrets encryption at rest. (EXPERIMENTAL) | `false` |

3
defaults/main.yml
View file

@ -109,3 +109,6 @@ k3s_become_for_all: false
k3s_become_for_systemd: null
k3s_become_for_install_dir: null
k3s_become_for_usr_local_bin: null
k3s_become_for_package_install: null
k3s_become_for_kubectl: null
k3s_become_for_uninstall: null

1
handlers/main.yml
View file

@ -19,3 +19,4 @@
name: docker
state: restarted
enabled: true
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"

3
tasks/build/configure-k3s-cluster.yml
View file

@ -6,6 +6,7 @@
register: k3s_slurped_control_token
delegate_to: "{{ k3s_control_delegate }}"
when: k3s_control_token is not defined
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure NODE_TOKEN is formatted correctly for use in templates
set_fact:
@ -35,6 +36,7 @@
- name: Wait for control plane to be ready to accept connections
wait_for:
port: "{{ k3s_https_port }}"
host: "{{ k3s_bind_address | default('127.0.0.1') }}"
delay: 5
sleep: 5
timeout: 300
@ -52,3 +54,4 @@
retries: 30
delay: 20
when: k3s_control_node and not k3s_no_flannel
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"

1
tasks/build/install-docker-amazon.yml
View file

@ -6,5 +6,6 @@
creates: /etc/docker
notify:
- restart docker
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- meta: flush_handlers

1
tasks/build/install-docker-opensuse-leap.yml
View file

@ -10,5 +10,6 @@
delay: 10
notify:
- restart docker
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- meta: flush_handlers

3
tasks/build/install-docker-prerequisites-debian.yml
View file

@ -10,6 +10,7 @@
- software-properties-common
state: present
register: ensure_docker_prerequisites_installed
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
until: ensure_docker_prerequisites_installed is succeeded
retries: 3
delay: 10
@ -18,9 +19,11 @@
apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
state: present
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure Docker repository is installed and configured
apt_repository:
filename: docker-ce
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
update_cache: true
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"

4
tasks/build/install-docker-prerequisites-redhat.yml
View file

@ -5,6 +5,7 @@
name: "{{ 'python-dnf' if ansible_python_version is version_compare('3.0.0', '<') else 'python3-dnf' }}"
state: present
register: ensure_python_dnf_installed
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
until: ensure_python_dnf_installed is succeeded
retries: 3
delay: 10
@ -21,6 +22,7 @@
until: ensure_docker_prerequisites_installed is succeeded
retries: 3
delay: 10
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- name: Check to see if Docker repository is available for this distribution
uri:
@ -40,6 +42,7 @@
state: present
when: ansible_distribution | lower not in ['amazon']
and k3s_redhat_repo_check.status == 200
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure Docker repository is installed and configured from file
command: yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
@ -47,3 +50,4 @@
creates: /etc/yum.repos.d/docker-ce.repo
when: ansible_distribution | lower not in ['amazon']
and k3s_redhat_repo_check.status != 200
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"

1
tasks/build/install-docker-suse.yml
View file

@ -10,5 +10,6 @@
delay: 10
notify:
- restart docker
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- meta: flush_handlers

1
tasks/build/install-docker.yml
View file

@ -13,5 +13,6 @@
delay: 10
notify:
- restart docker
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- meta: flush_handlers

4
tasks/teardown/drain-and-remove-nodes.yml
View file

@ -4,6 +4,7 @@
stat:
path: "{{ k3s_install_dir }}/kubectl"
register: k3s_check_kubectl
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
- name: Clean up nodes that are in an uninstalled state
block:
@ -15,6 +16,7 @@
delegate_to: "{{ k3s_control_delegate }}"
run_once: true
register: kubectl_get_nodes_result
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure uninstalled nodes are drained
command: "{{ k3s_install_dir }}/kubectl drain {{ item }} --ignore-daemonsets"
@ -24,6 +26,7 @@
and hostvars[item].k3s_cluster_state is defined
and hostvars[item].k3s_cluster_state == 'uninstalled'
loop: "{{ play_hosts }}"
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure uninstalled nodes are removed
command: "{{ k3s_install_dir }}/kubectl delete node {{ item }}"
@ -33,6 +36,7 @@
and hostvars[item].k3s_cluster_state is defined
and hostvars[item].k3s_cluster_state == 'uninstalled'
loop: "{{ play_hosts }}"
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
when: k3s_check_kubectl.stat.exists is defined
and k3s_check_kubectl.stat.exists

1
tasks/teardown/uninstall-docker-amazon.yml
View file

@ -4,3 +4,4 @@
command: amazon-linux-extras uninstall docker
register: uninstall_docker_from_amazon_linux
changed_when: uninstall_docker_from_amazon_linux.rc == 0
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

1
tasks/teardown/uninstall-docker-opensuse-leap.yml
View file

@ -8,3 +8,4 @@
until: ensure_docker_uninstalled is succeeded
retries: 3
delay: 10
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

2
tasks/teardown/uninstall-docker-prerequisites-debian.yml
View file

@ -6,8 +6,10 @@
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
update_cache: false
state: absent
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure Docker APT key is uninstalled
apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
state: absent
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

1
tasks/teardown/uninstall-docker-prerequisites-redhat.yml
View file

@ -10,3 +10,4 @@
gpgcheck: true
state: absent
when: ansible_distribution | lower not in ['amazon']
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

1
tasks/teardown/uninstall-docker-suse.yml
View file

@ -8,3 +8,4 @@
until: ensure_docker_uninstalled is succeeded
retries: 3
delay: 10
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

1
tasks/teardown/uninstall-docker.yml
View file

@ -11,3 +11,4 @@
until: ensure_docker_uninstalled is succeeded
retries: 3
delay: 10
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

2
tasks/teardown/uninstall-k3s.yml
View file

@ -21,6 +21,7 @@
register: k3s_killall
changed_when: k3s_killall.rc == 0
when: check_k3s_killall_script.stat.exists
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
- name: Run k3s-uninstall.sh
command: /usr/local/bin/k3s-uninstall.sh
@ -29,6 +30,7 @@
register: k3s_uninstall
changed_when: k3s_uninstall.rc == 0
when: check_k3s_uninstall_script.stat.exists
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
- name: Clean up Docker
command: docker system prune -a --force